Termshark: A Wireshark via Terminal


Termshark is a command-line user interface inspired by Wireshark. Features:

  • Read pcap files or analyze active interfaces (with appropriate permissions)
  • Filter pcaps or live captures using Wireshark display filters
  • Reassemble and inspect TCP and UDP streams
  • View network conversations by protocol
  • Copy ranges of packets to the terminal clipboard
  • Written in Golang, it compiles into a single executable on each platform; downloads are available for Linux, macOS, FreeBSD, Android (termux) and Windows.

Installation

First install Go using your distribution's package manager, for example:

emerge go # Gentoo, Funtoo, ...
sudo apt install golang-go # Debian, Ubuntu, Mint, ...
sudo pacman -S go # Arch, Manjaro, ...
sudo dnf install golang # Red Hat, CentOS, Fedora, ...

Also install the dependencies:

  • tshark - command line network protocol analyzer, part of Wireshark
  • tcell - a cell-based terminal management package, inspired by termbox
  • gowid - compositional terminal user interface widgets, inspired by urwid, built on tcell

After that just use the go command to install:

go install github.com/gcla/termshark/v2/cmd/termshark@latest # Go 1.16+; since Go 1.18 'go get' no longer installs binaries

Then add Go's binary directory to your $PATH variable, for example:

echo 'export PATH="${PATH}:${HOME}/go/bin"' | tee -a ~/.bashrc
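
A preflight check for the installation steps above, added here as an example (it is not code from the termshark project): it verifies that tshark and termshark resolve on PATH, reports when PATH has no expanded $HOME/go/bin entry, and notes whether dumpcap carries the cap_net_raw capability needed for unprivileged live capture. The function names are hypothetical, and the script assumes the stock Wireshark arrangement in which dumpcap is the capture helper.

```shell
#!/bin/sh
# Added example (hypothetical helper names); not part of termshark.

# path_has_dir PATHVALUE DIR: succeed only if DIR is a real PATH entry.
# A literal "~/go/bin" entry does not count as $HOME/go/bin.
path_has_dir() {
    case ":$1:" in
        *":${2%/}:"* | *":${2%/}/:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# have_cmd NAME: succeed if NAME resolves on the current PATH.
have_cmd() { command -v "$1" >/dev/null 2>&1; }

# caps_allow_capture GETCAP_OUTPUT: succeed if cap_net_raw is granted.
caps_allow_capture() {
    case "$1" in
        *cap_net_raw*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight: print findings; return non-zero if a hard requirement is missing.
preflight() {
    rc=0
    have_cmd tshark || { echo "missing on PATH: tshark"; rc=1; }
    if ! have_cmd termshark; then
        rc=1
        if path_has_dir "$PATH" "$HOME/go/bin"; then
            echo "termshark not found although $HOME/go/bin is on PATH"
        else
            echo "PATH has no expanded $HOME/go/bin entry"
        fi
    fi
    # Assumption: dumpcap is the capture helper, as in a stock Wireshark install.
    if have_cmd dumpcap && have_cmd getcap; then
        caps=$(getcap "$(command -v dumpcap)" 2>/dev/null) || caps=""
        caps_allow_capture "$caps" ||
            echo "note: dumpcap lacks cap_net_raw; live capture will need extra privileges"
    fi
    [ "$(id -u)" -ne 0 ] ||
        echo "note: running as root; prefer an unprivileged user for reading pcap files"
    return "$rc"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "check" ]; then preflight; fi
```

Save it under any name and run it with the argument `check`; a non-zero exit status means tshark or termshark could not be found.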

Example of use

Capture ping packets on the enp1s0 interface:

termshark -i enp1s0 icmp

For more information, run the command:

termshark -h

And visit the project's official repository: https://github.com/gcla/termshark
